Vulnerabilities > Cisco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-07 | CVE-2017-6765 | Cross-site Scripting vulnerability in Cisco Adaptive Security Appliance Software 9.1(6.11)/9.4(1.2) A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) 9.1(6.11) and 9.4(1.2) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device, aka WebVPN XSS. | 6.1 |
| 2017-08-07 | CVE-2017-6764 | Cross-site Scripting vulnerability in Cisco Adaptive Security Appliance Software 9.5(1) A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) 9.5(1) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 5.4 |
| 2017-08-07 | CVE-2017-6763 | Improper Input Validation vulnerability in Cisco Meeting Server 2.1.4 A vulnerability in the implementation of the H.264 protocol in Cisco Meeting Server (CMS) 2.1.4 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. | 5.0 |
| 2017-08-07 | CVE-2017-6762 | Cross-site Scripting vulnerability in Cisco Jabber Guest A vulnerability in the web-based management interface of Cisco Jabber Guest Server 10.6(9), 11.0(0), and 11.0(1) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software. | 4.3 |
| 2017-08-07 | CVE-2017-6761 | Cross-site Scripting vulnerability in Cisco Finesse 10.6(1)/11.5(1) A vulnerability in the web-based management interface of Cisco Finesse 10.6(1) and 11.5(1) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 4.3 |
| 2017-08-07 | CVE-2017-6759 | Improper Input Validation vulnerability in Cisco Prime Collaboration Provisioning 12.1 A vulnerability in the UpgradeManager of the Cisco Prime Collaboration Provisioning Tool 12.1 could allow an authenticated, remote attacker to write arbitrary files as root on the system. | 6.8 |
| 2017-08-07 | CVE-2017-6758 | Path Traversal vulnerability in Cisco Unified Communications Manager 11.5(1.10000.6) A vulnerability in the web framework of Cisco Unified Communications Manager 11.5(1.10000.6) could allow an authenticated, remote attacker to access arbitrary files in the context of the web root directory structure on an affected device. | 6.8 |
| 2017-08-07 | CVE-2017-6757 | SQL Injection vulnerability in Cisco Unified Communications Manager 10.5(2.10000.5)/11.0(1.10000.10)/11.5(1.10000.6) A vulnerability in Cisco Unified Communications Manager 10.5(2.10000.5), 11.0(1.10000.10), and 11.5(1.10000.6) could allow an authenticated, remote attacker to conduct a blind SQL injection attack. | 6.5 |
| 2017-08-07 | CVE-2017-6756 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Prime Collaboration Provisioning 12.2 A vulnerability in the Web UI Application of the Cisco Prime Collaboration Provisioning Tool through 12.2 could allow an unauthenticated, remote attacker to execute unwanted actions. | 6.8 |
| 2017-08-07 | CVE-2017-6754 | SQL Injection vulnerability in Cisco Smart NET Total Care Collector Appliance 3.11 A vulnerability in the web-based management interface of the Cisco Smart Net Total Care (SNTC) Software Collector Appliance 3.11 could allow an authenticated, remote attacker to perform a read-only, blind SQL injection attack, which could allow the attacker to compromise the confidentiality of the system through SQL timing attacks. | 4.0 |